I'll let you know if I make progress, but here's some info about things I've done and my situation. If you ever found a resolution, please let me know too.
I've had a ticket open for over a month on that (IIS FTPeS on Windows Server 2022) over directory listing issues. I never have issues connecting or sending, receiving and deleting did work the one time I was able to get the directory listing to work. I've tried with all the data ports allowed in the security policy (makes no difference and shouldn't be necessary with decryption).
Normally with a PASV problem you won't even get the path. In this scenario you can change paths on the server, get the initial path and it claims it's successful, but it's the contents of the directory that don't list. It did properly list 1 time, out of 100+ tests (which is why I know it can delete and retrieve files).
Status: Retrieving directory listing of "/path"... Status: Directory listing of "/path" successful
Important Note: Decryption profile must have the TLS max at 1.2, this cured my connection issues. Otherwise when set to max/1.3 I'd end up with TLS errors on connect. Other note: After leaving the connection idle we also get GnuTLS error -110: The TLS connection was non-properly terminated. I tested with FTP implicit over SSL as well and had the same results (granted that makes sense since the directory listing part is the same for both)
PAN-OS version: 10.1.7 Setup includes a Windows NLB vIP but I've tested direct as well. Tested with Filezilla client and WinSCP
... View more